Disabling Remote Access Doesn’t Disable All Remote Access

You can disable Remote Access in Windows, but don't be fooled: that doesn't disable all types of remote access.

//

Among the very first few things I did when our family first got our most recent computer was to disable remote access entirely. I no longer remember how I managed to do this, but that’s just as well because I wouldn’t even dream of re-enabling it!

That’s a comment I received from a reader relating to the pernicious “tech support scam” where scammers call you, say they’ve detected problems originating from your computer, and offer to fix it for you — perhaps even for free — if you just give them access to your computer.

Disabling remote access in Windows does not disable this kind of remote access.

I’ll review the setting in Windows and compare it to the types of remote access more commonly used by scammers.

And, of course, I’ll review what you need to do to stay safe. There’s a good chance it’s something you’re doing already.

Many other remote access tools exist, but are unaffected by Windows remote settings.

Skepticism is the most important protection.

Windows Remote Desktop

As outlined in “What’s the Difference Between Remote Desktop and Remote Assistance?”, Windows Home editions don’t support being accessed remotely by Remote Desktop.

In other editions of Windows 10, search for “remote access” or “remote desktop settings”, and click on the latter when it appears1.

Remote Desktop option in Windows 10.

Remote desktop allows you to use your computer as if you were sitting in front of it, by connecting to it from another, remote, machine. It works most seamlessly on local area networks, so if you have multiple machines behind a single router, it can be a useful tool.

In general, if it’s not something you know you need, leave it off. Either way — on or off — it’s unrelated to the scams we hear about. Scammers generally don’t use Remote Desktop.

Windows Remote Assistance

In all editions of Windows 10, search for “Remote Assistance” and click on “Allow Remote Assistance invitations to be sent from this computer”.2

Remote Assistance setting.

Remote Assistance is similar to Remote Desktop in that it allows someone else to access and control your computer. You must initiate the remote assistance session, and you can watch and interact with whatever the other person is doing.

I generally recommend you leave this option off unless you’re about to initiate a remote assistance setting.

Or leave it on. Once again, this is rarely a tool used by scammers.

Remote Access using other tools

There are a myriad of other tools out there available to access computers remotely. I happen to be partial to Google’s Chrome Remote Desktop3, but tools like LogMeIn, GoToMeeting, and other GoTo products are all valid and useful tools to access someone’s computer remotely.

To be extra clear, the tools themselves are not scams or malicious in any way. Like most tools, though, they can be used for good or evil.

The bad news is that none of them are affected by the Remote Desktop or Remote Assistance settings I just described. They can be used regardless of how those settings are set.

The good news is that these tools don’t initiate themselves; like Remote Assistance, you have to take steps to allow someone into your machine.

And this is exactly what scammers try to get you to do.

Once in, assume you’re compromised

If, for some reason, you’ve allowed access to your computer to someone you later find out has malicious intent, or you just don’t trust, you can only assume that your computer has been compromised.

What does that mean? Perhaps most importantly, it means my statement above — “these tools don’t initiate themselves” — could now be false or beside the point. Once someone with malicious intent has accessed your machine, they could install or otherwise enable tools to allow them remote access at any time, without you needing to do a thing.

At that point, you can only treat your machine as fundamentally untrustworthy due to malware.

The solution is simple

As I said, you need to take steps to allow someone onto your machine. Most tech support scams will be very insistent that you need to take action — action that will allow them access.

Podcast audio

Video Narration

Footnotes

1: In older versions of Windows, right-click on “My Computer”, “Computer”, or “This PC”, and click on Properties. In the resulting dialog, click on “Remote settings” or the “Remote” tab to access these settings.

2: In older versions of Windows, follow the instructions in the previous footnote.

Leo Who?

I'm Leo Notenboom and I've been playing with computers since I took a required programming class in 1976. I spent over 18 years as a software engineer at Microsoft, and after "retiring" in 2001 I started Ask Leo! in 2003 as a place to help you find answers and become more confident using this amazing technology at our fingertips. More about Leo.

Also be very careful when searching for support, especially for a free service such as Hotmail, Facebook or Gmail. Free services generally don’t offer phone support. If it’s a paid service better to go directly to the company’s website, for example, {company_name}.com. Scammers have a lot of fake websites offering fake phone numbers or links.The Risk of Searching for a Support Phone Number

what about “remote apps and desk top connections” in the control panel?
when i click on that it says “there are currently no connections available
on this computer”. wouldn`t that at least let me know if someone has
gotten remote access somehow? i`m still on win 7 ult.

In short no. The control panel really only shows the Microsoft apps connection to your computer but as indicated in the article there are many ways to connect which would not be covered in the Control panel setting. e.g. VNC

So how exactly do the scammers get access to your computer? From what I understand, they first have you open the Event Viewer where there are a bunch of “scary” warnings & errors. Then do they have you go to some type of Go To Meeting link where they can remotely access your computer & do the damage?

Here is what I did when a friend’s machine was compromised (& no they did not have a current back-up of their computer).
1) Removed the hard drive from the laptop and installed in an external hard drive enclosure.
2) Connected the usb drive to another machine that had anti-malware installed (made sure that PC was not connected to a network or the internet). If there is something very nasty & aggressive, you don’t want it escaping into your network or phoning home.
3) Ran scans on the external drive to see if there was any “obvious” malware on the drive.
selectively copied data files off the hard drive to another drive.
4) Wiped the suspect hard drive, reinstalled in the computer and did a clean reinstall of windows. My normal preference would be to start with installing a new drive rather than the old drive – just in case there is a rootkit installed that escaped being wiped.
5) Copied recovered data files back to the PC.

I have been trying to reach pcmatic for some time. I hopes you can help by forwarding this message/My phone number is {removed}. Pcmatic does not run properly on my computer. The last 2 weekly scans on Tuesdays have started and stopped at exactly the same time; the start numbers and end numbers are identical. When I click on the shield icon on my task bar nothing happens. When i right click I get 2 options: remove the icon from the task bar or a second opportunity to click on the icon.
I need to have them respond by telephone because I think the computer will block any direct response.

Never publish your phone number, email address or other personal information on a public forum. It opens you up to spam, marketing calls and scams.

Leave a reply:

Before commenting please:

Read the article.

Comment on the article.

No personal information.

No spam.

Comments violating those rules will be removed. Comments that don't add value will be removed, including off-topic or content-free comments, or comments that look even a little bit like spam. All comments containing links and certain keywords will be moderated before publication.

I want comments to be valuable for everyone, including those who come later and take the time to read.